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ABSTRACT 



A method for processing packets in a router includes speci- 
fying operations on packets as chains of processing ele- 
ments. Each chain is uniquely associated with one interface/ 
protocol pair, and each processing element performs at least 
one function on a packet. An incoming packet is received, 
and processed, first by a demultiplexer element which 
determines the protocol of the next higher level used by the 
packet. Then, the packet is processed by the elements of a 
decapsulation chain associated with the interface on which 
the packet was received, and by the elements of an encap- 
sulation chain associated with the interface on which the 
packet is to be transmitted. The demultiplexer element or 
operation passes the packet on to a decapsulation chain 
associated with the protocol and with the incoming 
interface, depending on protocol information contained in 
the incoming packet. Decapsulation and encapsulation 
chains can be built dynamically, by inserting new and 
removing old elements as necessary as new protocols are 
developed and new features added. A chain walker walks 
through the chains, passing the processed packet to each 
element in a chain, until either the end of the chain is reached 
and processing is complete, or until the packet is dropped 
because no function can process it, or because a packet is 
processed by an outside process or by hardware, which may 
optionally stop the chain walk. A chain walk may be 
temporarily halted, or may be terminated. If temporarily 
halted, the chain walk can be resumed at any clement in the 
chain, depending on the packet's requirements. A chain walk 
can also begin at any element in a chain, 

32 Claims, 10 Drawing Sheets 
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PACKET PROCESSING USING 
ENCAPSULATION AND DECAPSULATION 
CHAINS 

RELATED APPLICATIONS s 

This application discloses subject matter that is related to 
subject matter disclosed in the following applications, 
assigned to Cisco Systems, Inc., the assignee of the present 
invention, and are incorporated herein by reference: 

Kenneth Moberg and Manoi Leelanivas, PACKET PRO- 
CESSING USING NON-SEQUENTIAL ENCAPSULA- 
TION AND DECAPSULATION CHAINS, filed on the even 
day herewith, Ser. No. 09/418,781. 

Kenneth Moberg, Kristen Marie Robins, and William 15 
May, DISTRIBUTED PACKET PROCESSING USING 
ENCAPSULATION AND DECAPSULATION, filed on the 
even day herewith, Ser No. 09/418,723. 

BACKGROUND OF THE INVENTION 2Q 

A network is a communication system that allows a user 
on a computer to access resources and exchange messages 
with users on other computers. A network is typically a data 
communication system that links two or more computers 
and peripheral devices. It allows users to share resources on 25 
their own systems with other network users and to access 
information on centrally located systems or on systems that 
arc located at remote offices. It may provide connections to 
the Internet or to the networks of other organizations. 

A network typically includes a cable that attaches to a 30 
network interface card (NIC) in each of the devices within 
the network. 

Users interact with network -enabled software applica- 
tions to make a network request, such as to get a file or print 
on a network printer. An application may also communicate 
with the network software, and the network software may 
then interact with the network hardware to transmit infor- 
mation to other devices attached to the network. 

A local area network (LAN) is a network located in a 
relatively small area, such as a department or building. A 
LAN typically includes a shared medium to which work- 
stations attach and through which they communicate with 
one another by using broadcast methods. With broadcasting, 
any device on a LAN can transmit a message that all other 45 
devices on the LAN can listen to. The device to which the 
message is addressed actually processes the message. Data 
is typically packaged into frames for transmission on the 
LAN. 

FIG. 1 is a block diagram illustrating a network connec- 50 
tion between a user 2 and a particular web server 6, This 
figure is an example, which may be consistent with any type 
of network, including a LAN, a wide area network (WAN), 
or a combination of networks, such as the Internet. 

When a user 2 connects to a particular destination, such 55 
as a requested web server 6, the connection from the user 2 
to the web server 6 is typically routed through several 
routers 4A-4D. Routers are internetworking devices, typi- 
cally used to connect similar and heterogeneous network 
segments into Internetworks. For example, two LANs may 6 q 
be connected across a dial-up, integrated services digital 
network (ISDN)> or a leased line via routers. 

Routers are also found throughout the Internet. End users 
may connect to local Internet Service providers (ISPs), 
which are typically connected via routers to regional ISPs, 65 
which are in turn typically connected via routers to national 
ISPs. 
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To move packets from one network to another, packet 
processing software is required on each router. Generally, 
packets received from a network are processed and for- 
warded to another network, based on information contained 
in layers 2 and 3 of the ISO 7-layer model. 

Layer 2 (L2) of the ISO model is commonly referred to as 
the data-link layer. Ethernet, HDLC and PPP are examples 
of commonly used L2 protocols. Ethernet is commonly used 
in LANs, while HDLC and PPP are commonly used in 
WANs. 

Layer 3 (L3) is commonly referred to as the network 
layer. Internet Protocol (IP) is the most commonly used L3 
protocol. ARP, SAP and SNAP are IP-related protocols that, 
although not strictly in layer 2, are considered to be layer 2 
protocols for purposes herein. 

Layer 4 (L4) is commonly referred to as the transport 
layer. TCP is the most commonly used L4 protocol. 

Router software designers use the term encapsulation to 
refer to the layering of protocols. A packet containing TCP, 
IP and ethernet protocols is said to have an encapsulation of 
TCP over IP over ethernet. A packet containing TCP, IP and 
HDLC protocols has an encapsulation of TCP over IP over 
HDLC. 

The proliferation of features and protocols has greatly 
complicated the software involved in processing packets. 
Because of this, the software* responsible for each layer must 
examine each packet to determine what the next step is in the 
handling of the packet. 

For example, when a packet is received on an ethernet 
interface, the ethernet protocol handling software must 
examine the header, and based on values in the header, 
determine what to do with the packet. Data contained within 
a packet, for example, a type or length field in the protocol 
header, contains information about the next layer of the 
packet. 

A traditional ethernet processing algorithm for this might 
be: 

If type=IP and IP is configured for this interface 

Pass packet to IP code 
If type«ARP and ARP is configured for this interface 

Pass packet to ARP code 
If type-RARP and RARP is configured for this interface 

Pass packet to RARP code 
If type«IPV6 and IPV6 is configured for this interface 
Pass packet to IPV6 code 

Each time a new protocol is added, the ethernet code must 
be modified to handle the new protocol. This may be 
necessary for each layer every time new features or proto- 
cols are added. Router software has grown to the point 
where maintenance has become very difficult. Each change 
can cause wide variations in performance. Anew method is 
thus needed to allow growth in features and protocols 
without affecting the stability of existing software. 

SUMMARY OF THE INVENTION 
The present invention solves the above problems by 
logically separating the various packet operations into chain 
elements. These elements are then dynamically chained 
together as needed, at runtime, to form encapsulation and 
decapsulation chains. 

The chains can also be dynamically rebuilt upon a change 
of configuration. Such changes typically come from a cus- 
tomer command line interface, however, in some cases there 
may be features that are configured after a protocol nego- 
tiation. 
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With the employment of chains, developers of oew fea- executes the demux chain associated with the incoming 

turcs do not need to change existing code to introduce the interface, a decapsulation chain associated with the incom- 

new features. Instead, new chain elements can be developed ing interface, and an encapsulation chain associated with an 

and inserted into existing chains as necessary. identified outgoing interface. After an element is executed 

As a result of the improved modularity, performance is 5 from chain walker, the element returns a reference to the 

improved for complex operations. next element in the chain. The chain walker then executes 

Accordingly, a method for processing packets in a router the referenced next element. On the other hand, if the 

includes specifying packet processing function elements and element returns a null reference, the chain walker stops, 

linking them together to form chains. Each chain is associ- In addition, a return code can notify the chain walker that 

ated with a unique interface/protocol pair. As used herein, a 10 the packet should be dropped. 

protocol may be a router-level protocol such as IP, or it may One embodiment implements the chains and chain walker 

be a bridge-level protocol. Furthermore, the term protocol is using an interface descriptor block (1DB) associated with 

meant to encompass the concept of tunneling, where a each interface. An IDB includes a reference or pointer to a 

packet which has already been encapsulated using one demux element associated with the associated interface, a 

protocol is further encapsulated using the same or a different 15 reference to a decapsulation chain array, and a reference to 

protocol at the same level. In such a case, one or more virtual an encapsulation chain array. Each encapsulation or decap- 

interfaces may be encountered by a packet which encapsu- sulation array holds references or pointers to chains of 

late and decapsulate the packet according to various proto- encapsulation or decapsulation processing elements, respec- 

cols. An interface, then, is simply the target of a packet, and tively. 

may be implemented in hardware, software, or both. 20 

Each processing element within a chain performs at least BRIEF DESCRIPTION OF THE DRAWINGS 

one function on. a packet. An incoming packet is received, The foregoing and other objects, features and advantages 

and processed, first by a demultiplexer (demux) element of the invention will be apparent from the following more 

which determines the protocol of the next higher level used particular description of preferred embodiments of the 

by the packet. Then, the packet is processed by the elements 25 invention, as illustrated in the accompanying drawings in 

of a decapsulation (decaps) chain associated with the inter- which like reference characters refer to the same parts 

face on which the packet was received, and by the elements throughout the different views. The drawings are not nec- 

of an encapsulation (encaps) chain associated with the essarily to scale, emphasis instead being placed upon illus- 

interface on which the packet is to be transmitted. trating the principles of the invention. 

In one embodiment, the demultiplexer element or opera- 30 FIG. 1 is a block diagram of an example of a network 

tion passes the packet on to a decapsulation chain associated connection between a user and a web page, 

with the protocol and with the incoming interface, depend- FIG 2 [ s a block diagram illustrating a simple network 

ing on protocol information contained in the incoming connecting a user on an ethernet LAN to a remote server on 

packet. The protocol information may be contained, for ^ a diffcrent ethernet LAN, with a serial WAN using HDLC 

example, in a type or length field in a header. connecting the two LANs. 

Decapsulation and encapsulation chains can be built pjQ 3 js a schematic diagram illustrating decapsulation 

dynamically, by inserting new and removing old elements as and cncapsu i at i on G f a message as performed by a router, 

necessary as new protocols are developed and new features RG 4 fa & ilhjstrating an embodiment 

. 40 of the present invention including a chain walker. 

In addition to decapsulation, the decapsulation chain can ... . ,. ... , . _ 

... n t . • , j. u . * 1- a . j FIG. 4A is a schematic diagram illustrating an embodi- 

mclude functions including, but not limited to, decryption, . . * . f . , 

j . * j ci* • e- *i 1 1 *■ ment of the present invention having a virtual interlace, 

decompression And filtering. Similarly, an encapsulation F ° 

chain can include, in addition to an encapsulation operation, FIG. 4B is a schematic diagram of an embodiment of the 

encryption, compression, flow control and filtering 4 _ P*** invention with different chains than those of the 

functions, as well is other function. previous figures. 

A chain walker walks through the chains, passing the FIG. 4C is a schematic diagram of an alternative embodi- 

proccssed packet to each element in a chain, until either the ment of the present invention illustrating a non-sequential 

end of the chain is reached and processing is complete, or chain. 

until the packet is dropped because no function can process 50 FIG. 4D is a schematic diagram of an alternative embodi- 

it, or because a packet is processed by an outside process or ment of the present invention illustrating another non- 

by hardware, which may optionally stop the chain walk. sequential chain. 

A chain walk may be temporarily halted, or may be FIG. 5 is a schematic diagram of the data structures used 

terminated. If temporarily halted, the chain walk can be to implement decapsulation and encapsulation chains of the 

resumed at any element in the chain, depending on the 55 present invention. 

packet's requirements. A chain walk can also begin at any FIG. 6 is a flowchart illustrating an embodiment of the 

element in a chain. chain walker. 

A packet may be intended for the router, in which case ... 

processing ends after the decapsulation chain terminates. In DETAILED DESCRffTON OF THE 

addition, the router itself can generate packets. The desti- 60 

nation or outgoing interface is determined, and the packet is FIG. 2 illustrates a simple network 10 to which several 

processed by executing processing elements within a systems 14 are connected. In particular, the network 10 

selected encapsulated chain associated with the outgoing connects a user 14A on one ethernet LAN 12 A wit a remote 

interface. Finally, the packet is transmitted from the outgo- server 14B on a different ethernet LAN 12B, with a serial 

ing interface. 65 WAN 16 using HDLC to connect the two LANs 12A, 12 B. 

Preferably, an embodiment uses a chain walker which, Two routers ISAand 15B provide the interfaces between the 

upon receipt of an incoming packet in an incoming interface, two types of networks. 
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The ethernet LANs 12 A, 12B use etheraet protocol, while single element sap_decaps 61; a SNAP decapsulation chain 

the serial WAN 16 uses HDLC protocol. For a TCP packet comprising a single element snap_decaps 63; and a raulti- 

to reach the server 14B, the routers ISA, 15B must change element IP decapsulation chain 64. 

the encapsulation from ethernet to HDLC, and then back to Of course, other decapsulation chains can exist for pro- 

ethernet. These encapsulations are associated with and con- s cessing other protocols as well. For illustrative purposes, 

figured for each interface. assume the packet uses internet protocol (IP). In this case, 

Local area network 12 A uses, for example, the protocol the demux element Ether_decaps 57 returns a pointer to the 

shown in block 18A. Here, HTTP protocol is used by the first element 65 of the IP decapsulation chain 64 to the chain 

application. TCP and IP protocols as well as ethernet pro- walker 55, as indicated by dotted line 86, Logically, decrypt 

tocol are used throughout the local area network. The same 10 65 follows ether_decaps 57 as indicated by solid arrow 85. 

protocols are used in local area network 12B as shown in Decrypt 65 is the first element in the IP decapsulation 

block 18B. chain 64. In this example, the decapsulation chain 64 is 

The wide area network 16, however, uses HDLC protocol shown to comprise a decryption element 65, a decompres- 

instead of ethernet, as shown in block 18C, because this sion element 67, and an ip_switch element 69. In an actual 

protocol is better suited to wide area networks. Therefore, it 15 application, some or all of these elements may be absent, or 

is necessary for the routers 15A, 15B to translate packets additional elements may be in the chain, 

from the ethernet Protocol to HDLC protocol and back to In actuality, for IP packets that are switched, there is no 

ethernet protocol. decapsulation, although the term "decapsulation chain'* is 

FIG. 3 illustrates basic decapsulation and encapsulation as retained. The ip_jswitch element 69 determines if the packet 

performed by router 15Aof FIG. 2. An incoming packet 20A * to be switched or punted for further processing. For A TCP 

contains a message or other data 22 which is encapsulated packet that is destined for the router itself, the actual 

with an HTTP header 24 which in turn is encapsulated with decapsulation is performed in the IP process after the packet 

a TCP header 26. This in turn is encapsulated with an IP has been punted. Similarly, the arp__decaps element 59 

header 28 and the packet is finally encapsulated in an simply punts the packet to the ARP process, 

ethernet frame, including an ethernet header 30. As indicated by the dashed lines 79, the process of chain 

Hie router 15A reformats and readdresses the packet by walkin g can bc implemented by having each chain element 

stripping off the ethernet header 30, or decapsulating the retum t0 the chain walker 55 a P oiater t0 next chain 

frame, and reading the IP header 28 to obtain a destination element - ^ chakl walkcr calls thc next clemeQt m the 

address. The packet now appears as shown at 20B. 30 cnam - 

XT . t j . u , „ ... TinTP . j After decapsulation, the router must prepare the packet for 

Next the router prepends the packet with an HDLC header „ , ^ . . ' t . * K . A , r , . . 

~~ . . -n^V . u *u 1 « a *u further transmission by encapsulating it m the desired 

32 as shown at 20C. The router has thus encapsulated the , . . , • • j _> <• 

messaee in a HDLC packet format. protocol, assuming the packet is not intended for the router 

b p ' itself. Dashed line 88 separates the decapsulation chain 64 

In practice, the decapsulation and encapsulation processes frQm ^ encapsulation chain 74. ^ packet * passed from 

can be more complex, including compression, encryption ^ ^ ; witch clement 69 t0 m encapsulation chain 74 

and other functions. The present invention breaks these associated with the inte nded output HDLC interface 53, 

functions into individual elements, and dynamically chains bcginning ^th th c i p _ re write element 70. Ip_rewrite 70 

the elements together at runtime, as needed, using a linked performs f unc ti onS such as updating (decrementing) the 

chain structure in one embodiment. For example, a chain can t i me -to-live count in an IP packet's header, and recalculating 

be dynamically built at the start of a session. Each session 4 ° the check sum for the { p header 

can then have its own chain. ^ packet jg then pasged tQ ^ compression element 7l) 

A chain walker processes a packet by walking through a mc encryption element 73 and finally to an HDLC encap- 

chain, passing the packet to each element in the chain, until station element 77. The encapsulation element 77 then 

either processing is completed, the chain is halted, or the passcs tQe packet t0 the queue 81 for the intended output 

process is dropped. Each clement also has the ability to interface 53. A scheduler 83 removes the packet from the 

"punt" the packet to an external software or hardware queue 81 and transm j t s via the HDLC interface 53. 

function, and the punted packet may be returned anywhere Packets do not need to be switched in the 

in the chain, or may not be returned at aU. de-encapsulation chain walk. Rather, they can be handed to 

FIG. 4 illustrates an embodiment of the present invention. 5Q an ou tside process for further processing and then passed 

The router shown 15 represents either router 15Aor 15B of back to the start of the encapsulation chain. This is done for 

FIG. 2. While a typical router may have multiple interfaces, ' p i ng ' packets that are destined for the router, for example, 

only two 51, 53 are shown in FIG. 4. a chain walk can be stopped, started or resumed from any 

When a packet is received by the router 15, it. is passed to point on the chain. This allows elements such as an encryp- 
the chain walker 55. The chain walker 55 in turn retrieves a 55 tion element to pass the packet to an outside process, or 
pointer to a de -multiplexor, or demux, element. Because in piece of hardware, to perform the actual encryption, 
this example, interface 51 is an ethernet interface, the demux The processed packet may then be passed back to con- 
element 57 performs an ethernet decapsulation operation. tinue the chain walk. This mechanism is called 'punt* and 
For other types of interfaces, other decapsulation functions 'puntback'. The punting element hands the packet to the 
would be used in the demux chain. 60 outside process or hardware. If the punting element wants 

The demux operation or element 57 determines the pro- the packet to resume the chain walk at the next element in 

tocol of thc next higher level (L3) used by the incoming the chain, it stores the chain next node pointer in the packet, 

packet, and passes the packet to an appropriate decapsula- The puntback routine starts the chain walk with the node 

tion chain. Although it will be understood that there can be previously stored in the packet. 

many more, four possible decapsulation chains are shown: 65 For example, as indicated by lines 87, an element such as 

an ARP decapsulation chain comprising a single element encryption element 73 can pass the packet to an encryption 

arp_decaps 59; a SAP decapsulation chain comprising a process 75 which is external to the chain. This is known as 
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"punting*' the process packet. The packet may be returned to pression element 71C-2, which may use a different com- 

the punting element, encryption element 73 in this example, pression scheme than the voice compression element 71C-1. 

after processing. The packet is then encrypted by encryption element 73 C 

Alternatively, the chain walk could resume processing Packets from either path are then passed to queue element 

with any element in the chain. 5 81C, and finally to the scheduler clement 83C which then 

ARP, SAP and SNAP are various protocols which fall 0Ut P uts lhe P acket through serial interface 53C. 

under the IP protocol family. As shown with respect to the Of course,, packets characteristics are not limited to just 

ARP, SAP and SNAP decapsulation elements 59, 61 and 63 data ™& voice - are sim P l y offered as examples. Packet 

respectively, packets may be processed by additional pro- characteristics on which the classifier 95 may base a 

cesses 60,62, 66 external to the chains. Packets processed by 10 deci f*> * cIude f b p ut ^inp u™' ivf^ P ?~ 

these functions 60, 62, 66 may then be queued directly at * co1 ^V*' ^ V P ? \ ^ * C " 

o-i • l. 1 • • characteristics such as broadcast, multicast, umcast, etc., 

queue 81 without passing through an encapsulation chain. TCP or UDP port number, source and/or destination address, 

Of course, while only IP, ARP, SAP and SNAP decapsu- media type such as voicCj data? or video> 

lation chains are shown, additional protocols can also be ^ wim ^ Qther elemeDts ^ the chain> the c i assine r 95 

supported for this interface 51. Each protocol would have its is {Q the chain walkcr 55 ^ a poinler fo thc next clcment 

own decapsulation chain. However, in one embodiment, the classifier 95 uses internal 

Note that although the incoming and outgoing interfaces knowledge plus its analysis of the packet type to decide 

are typically different interfaces, this is not always true. For along which chain path 96A, 96B to send the packet. Thus, 

example, Ping and ARP are protocols where the incoming the chain is not sequential, in that there are multiple 

and outgoing interface is typically the same interface. 20 branches a chain may take. 

FIG. 4A illustrates an embodiment of the present inven- FIG. 4D is a schematic diagram of another chain which 

tion having a virtual interface 90, which has been inserted at can be implemented by a non-sequential embodiment. FIG. 

the interface 88 (FIG. 4) between the incoming and outgoing 4D shows just an encapsulation chain. A packet is received, 

chains. from the incoming interface, or alternatively, from a virtual 

Lines 88A and 88B represent the beginning and ending 25 interface, by the ip__rewrite element 70B. In the event 

edges of the virtual interface 90, respectively. Message ip_rewrite 70B already knows how to encapsulate the 

packets pass from the ip_switch element 69 to the packet, it performs the encapsulation, and there is no need to 

ip_encaps element 91 within the virtual interface 90. The execute the HDLC encapsulation element 77B. The encap- 

ip_tunnet encaps element 91 encapsulates the IP packet into sulation element 77B is thus skipped by having the packet 

another IP packet, i.e., it implements IP over IP, and passes 30 take the path 97. In this case ip_rewrite 70B passes back a 

the tunneled packet to an ip_switch element 69A, which pointer to the next element to be executed through path 97A, 

may or may not be the same as ip_switch 69 in the incoming the next element being the queue element 81 B. 

chain. The encapsulated IP packet is then passed out of the [f ip_rewrite 70B does not know how to encapsulate the 

virtual interface 90 across line 88B to the encapsulation packet, it will process the packet normally and return a 

chain, specifically to the ip__rewrite element 70. 35 pointer to HDLC encapsulation element 77 B to the chain 

FIG. 4B illustrates chains which are more practical than walker 55. 

those of FIG. 4, which shows many elements for illustrative Finally, the packet is passed from queue element 81 B to 

purposes. the scheduler 83B and transmitted out through the Serial 2 

FIG. 4B shows two interfaces: Serial 1 51B and Serial 2 4Q port 53B. 

53B. The decaps chain encompasses a decryption element The advantage of this,embodiment is that it cuts out the 

65B, a decompress element 67B, a point to point protocol extra processing required to do an extra chain walk. Often, 

(PPP) decapsulation element 92, and an ip switch element ip_rewritc 70B will know how to encapsulate a packet 

69B. Thc encapsulation chain comprises an ip_rewrite based on destination. This information may be returned, for 

element 70B, HDLC encapsulation element 77B, and queue 4S example, by the HDLC encapsulation element 77B after the 

element 81B, followed by a schedule element 83B which first encapsulation of the packet. Ip_rewrite 70B can then 

passes the packet to the output serial port Serail 2 53 B. store this information and use it for later packets, with the 

FIG. 4C is a schematic diagram of an alternative embodi- same destination or within the session, 

ment of the present invention illustrating a non-sequential There are other reasons for having non-sequential chains, 

chain. In this example, the incoming interface is Ethernet 1 50 For example, different types of encryption could be applied 

51 C and the outgoing interface is Serial 1 53C. The decap- to packets depending on destination, type or some other 

sulation chain comprises an e the met decapsulation module attribute. Furthermore, ip_re write can observe the conges- 

57C followed by ip_switch 69C. tion on the network and for example, skip right to the 

lp_switch 69 C passes the packet to the encapsulation scheduler if there is no congestion. In very fast Ethernet, for 

chain through the interface 88, to ip_rewrite 70C which, 55 example, a router needs to get packets in and out fast. By 

among other tasks, updates the time-to-live counter and allowing the chain elements to be skipped or executed in a 

updates the header checksum accordingly. The updated non-sequential way, packets are routed through the router 

packet is then passed from ip_rewrite to a PPP encapsula- expediently. 

tion element 94. Another example where non-sequential chains is useful is, 

The classifier element 95 then examines the packet, for 60 for example, in implementing an access list or other filter, 

example, for packet type or some other characteristic. For Different chain elements can be executed depending on the 

example, packets may be voice or data, as shown in FIG. 4C. destination and/or depending on access rights. 

In the case of voice, the packet is passed along path 96A. The element which causes the non-sequential skip, such 

Voice data is compressed in this example by compression as the classifier 95 of FIG. 4C, can have internal data which 

element 71C-1. 65 allows it to determine, when a chain is built, what the jump 

In the case of data, the packet is passed along path 96B. targets are. Determination may be based on data stored by or 

In this example, the packet's data is compressed by com- for the classifier 94, and based on the incoming packet itself. 
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More generally, different feature sets may be applied to 
packets depending on their source address, destination IP 
address, types or other attributes. The classifier element 95 
can, for example, maintain this information in an internal 
data base and return, to the chain walker 55, a pointer to the 
applicable clement. 

FIG. 5 illustrates the data structures used to implement 
sequential decapsulation and encapsulation chains, as well 
as the sequential portions of non-sequential chains. First, a 
separate interface descriptor block (IDB) 100 is defined for 
each interface. Each IDB 100 includes several fields includ- 
ing a demux field 100A, a decaps array pointer 100B, an 
encaps array 100C, queuing information 100D and sched- 
uling information 100E. 

The demux pointer 100A points to a demux element 102. 
The demux element 102 is typically the only element in the 
demux chain. It is responsible for removing the outer 
encapsulation, e.g., ethernet or HDLC, of an incoming 
packet, and for examining the packet to determine which 
protocol the packet uses. 

The decaps array pointer 100B of the IDB 100 points to 
a decaps array 104. The decaps array 104 holds pointers 
104A-104D to the first elements of various decapsulation 
chains associated with the various protocols. For example, 
the first entry 104Ain the decaps array 104 is a pointer to the 
first element 106 of an IP decapsulation chain 103. 

In one embodiment, each chain element has the structure 
shown at 106, A next field 106A points to the next element 
in the chain. A previous field 106B points to the previous 
element in the chain, and is 0 or some other null indicator for 
the first element. Furthermore, each chain element 106 
contains a data processing element pointer 106 C and a 
control processing element pointer 106D which point to the 
actual processing elements. Control data 106E may also be 
contained in the chain element 106. 

A second chain element 107 is shown. The chain may 
contain a plurality of elements. Each element returns a 
pointer to the next element to be executed to the chain 
walker. 

Similarly, the encaps array pointer 100C in the IDB 100 
points to an encaps array 108. Each entry in the encaps array 
108 points to an encapsulation element for a specific pro- 
tocol. For example, the first entry 108A is a pointer to an 
ethernet encapsulation element. The next entries 
108B-108D contain pointers to encapsulation chain ele- 
ments for other protocols, such as HDLC. 

FIG. 6 is a flow chart 120 illustrating an embodiment of 
the present invention. 

First, at step 122, a packet is received on an interface. 
Then, at step 124, an IDB is retrieved which is associated 
with that interface. At step 126, a pointer to the demux chain 
is retrieved from the IDB, and passed to the chain walker. 

The chain walker 55 receives the packet and the pointer 
from the IDB and sets a return code to 0 at step 130. At step 
132 the chain walker executes the current chain element 
pointed to by the pointer received from the IDB. A typical 
chain element is shown at 134. Each element 134 on the 
chain processes the packet, and can return the next element 
to the chain walker or set the return code to 0 to slop the 
chain walk. The return code is set to a value less than 0 if, 
for some reason, the element 134 cannot process the packet, 
in which case the packet is to be dropped. Otherwise, the 
chain clement 134 returns to the chain walker a pointer to the 
next chain element. 

As described earlier in the description of FIG. 4, a chain 
element 134 may punt or pass the packet to an external 
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routine or to hardware 138 for further processing. The 
external routine or hardware 138 processes the packet, and 
may return control to the chain element, as shown. Alter- 
natively the external routine or hardware 138 may pass the 
packet to another chain or may halt the process. 

A code value is also used to notify the chain walker as to 
whether it should continue. If the packet was passed to a 
higher layer for further processing, the code is set to a value 
that tells the chain walker to do nothing more. If the packet 
is to be dropped, the code is set to a value that tells the chain 
walker to drop the packet. 

When the packet is returned to the chain walker, in step 
140 the chain walker determines whether the return code is 
0. If not, either the packet is dropped at step 142 or the chain 
walker stops. If the return code is 0, then at step 144, the 
chain walker determines whether a chain element has been 
returned. If so the chain walker sets the current element to 
the next element at step 146 and returns to step 132 to 
execute the next chain element. This loop is repeated until 
either the packet is dropped or until there are no more chain 
elements. 

During initialization, the router's hardware control soft- 
ware determines which network interfaces exist on the 
router. An IDB 100 (FIG. 5) is created for each interface. 
The demux, decapsulation element and the encapsulation 
element fields are initially empty. 

A default demux element is associated with each interface 
based on the interface media type, e.g., ethernet, HDLC, etc. 
Configuration information is determined for each interface, 
for example, by reading it from a file or from a program- 
mable memory. Default queuing and scheduling elements 
are then added to the chain. Finally, decapsulation and 
encapsulation elements are added to each interface accord- 
ing to the protocols available as determined by the configu- 
rations. 

Once the chain for an interface is built, the interface is 
ready for packet processing. When a packet is received by an 
interface it is handed to the chain walker, as described with 
respect to FIG. 4. The chain walker has no knowledge of 
protocols. For an encapsulation of IP over ethernet, the chain 
might include only an IP decapsulation element, followed by 
an encapsulation chain comprising ethernet encapsulation, 
queuing and scheduling elements. 

Chains can have elements added or deleted based on 
configuration. Each element in a chain has no specific 
knowledge of the other elements on the chain. The chain 
walker has no knowledge of the number of elements or types 
of protocols on a chain. Each element or node on the chain 
determines the whether or not the chain walk continues 
based on its processing of the packet. 

The above chain could thus be modified by inserting 
elements into the chains without changing the ethernet, IP, 
queuing or scheduling elements. For example, an ethernet 
address filter could be inserted before the IP decapsulation 
element, or a new compression element could be inserted at 
the beginning of the encapsulation chain. 

For packets entering the router from an interface, the 
chain walker typically starts with the demux element. While 
there can be any number of encapsulation and 
de-encapsulation elements chained together on an interface, 
there is typically only one demux element for each interface. 
For packets that are sourced on the router, the chain walk 
starts with the first encapsulation clement. 

While this invention has been particularly shown and 
described with references to preferred embodiments thereof, 
it will be understood by those skilled in the art that various 
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changes in form and details may be made therein without 
departing from the spirit and scope of the invention as 
defined by the appended claims. 
What is claimed is: 

1. A method for processing packets, comprising: 
specifying a chain of function elements, each element 

capable of performing an operation on a packet, the 
chain being associated with an interface and a protocol; 
processing the packet by walking through the elements of 
the chain; 

receiving an incoming packet at a first interface, the 
packet being encapsulated according to a first protocol, 
wherein processing of the packet is performed by a 
decapsulation chain associated with the first interface 
and with the first protocol; 

upon completion of processing by the decapsulation 
chain, passing the packet to and processing it in an 
encapsulation chain associated with a second interface 
and a second protocol; and 

transmitting the processed packet from the second inter- 
face. 

2. The method of claim 1, wherein a plurality of chains is 
associated with the interface, each chain being associated 
with a unique protocol. 

3. The method of claim 2, wherein an element belongs to 
one or more chains. 

4. The method of claim 2, wherein a unique protocol 
comprises a bridge-level protocol. 

5. The method of claim 2 wherein a unique protocol 
comprises a router-level protocol. 

6. The method of claim 2 wherein a unique protocol 
comprises a tunneling protocol. 

7. The method of claim 1, wherein protocol information 
about a packet is contained in the packet. 

8. The method of claim 1, further comprising: 
building the chain dynamically. 

9. The method of claim 8 wherein the chain is dynami- 
cally built for a session at the session's start. 

10. The method of claim 1 wherein the first interface and 
the second interface are different. 

11. The method of claim 1 if wherein the first interface 
and the second interface are the same. 

12. The method of claim 1 if wherein an interface is a 
virtual interface. 

13. The method of claim 1 if wherein the first protocol and 
the second protocol are different. 

14. The method of claim 1, wherein a demultiplexer 
chain, responsive to protocol information contained in the 
received packet, passes the packet on to the encapsulation 
chain. 

15. The method of claim 1, wherein the encapsulation 
chain performs any or all of: 

encapsulation, encryption, compression, flow control and 
filtering. 

16. The method of claim 1, wherein the decapsulation 
chain performs one or many of: decapsulation, decryption, 
decompression and filtering. 

17. The method of claim 1, further comprising: 
stopping a chain walk at any element in a chain. 

18. The method of claim 17, further comprising: 

upon stopping a chain walk, passing the packet to a 
process external to the chain. 

19. The method of claim 18, wherein the external process 
is implemented by software. 

20. The method of claim 18, wherein the external process 
is implemented by hardware. 
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21. The method of claim 18, wherein the external process 
is implemented by a combination of software and hardware. 

22. The method of claim 18, further comprising: 
resuming a chain walk at any element in a chain. 

23. The method of claim 1, further comprising: 
starting a chain walk at any element in a chain. 

24. The method of claim 1, further comprising: 
generating the packet in a selected protocol; 
determining an interface through which to transmit the 

packet; 

processing the packet by walking through the elements of 
an encapsulation chain associated with the interface 
and the protocol; and 

transmitting the packet from the interface. 

25. The method of claim 1, further comprising: 

from each element in the chain, returning, to the chain 
walker, a pointer to the next element. 

26. A router for a computer network, comprising: 

a plurality of interfaces, each interface associated with 
a demultiplexer chain, 

an array of protocol decapsulation chains, and 
an array of protocol encapsulation chains, 
each chain comprising at least one packet-processing 
element, the elements in a chain being linked; and 
a chain walker which, upon receipt of an incoming first 
protocol packet in a receiving interface, 
passes the packet to the demultiplexer chain associated 

with the receiving interface for processing, 
passes the processed packet to and walks through a 
decapsulation chain associated with the incoming 
interface and the first protocol, for further 
processing, and 
passes the further processed packet to and walks 
through an encapsulation chain associated with an 
identified transmitting interface and identified sec- 
ond protocol. 

27. The router of claim 26 wherein the chain walker walks 
through a chain by executing the chain's elements, wherein 
each element either 

returns a reference to a next element in the chain to be 
executed, wherein the chain walker executes the refer- 
enced next element, or 

returns a null reference, wherein the chain walker stops. 

28. The router of claim 27, further comprising, for each 
interface, an associated interface descriptor block, each 
interface descriptor block comprising: 

a reference to the demultiplexer chain associated with the 
interface; 

a reference to the decapsulation chain array associated 

with the interface; and 
a reference to the encapsulation chain array associated 

with the interface. 

29. The router of claim 28, wherein each encapsulation or 
decapsulation array comprises references to chains of encap- 
sulation or decapsulation processing elements, respectively. 

30. A program storage device readable by a machine, 
tangibly embodying a program of instructions executable by 
the machine to perform method steps of processing packets, 
the method steps comprising: 

specifying a chain of function elements, each element 
capable of performing an operation on a packet, the 
chain being associated with an interface and a protocol; 

processing the packet by walking through the elements of 
the chain; 
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receiving an incoming packet at a first interface, the 
packet being encapsulated according to a first protocol, 
wherein processing of the packet is performed by a 
decapsulation chain associated with the first interface 
and with the first protocol; 

upon completion of processing by the decapsulation 
chain, passing the packet to and processing it in an 
encapsulation chain associated with a second interface 
and a second protocol; and 

transmitting the processed packet from the second inter- 
face. 

31. A computer program product for use in a computer 
network router, the computer program product comprising a 
computer usable medium having computer readable pro- 
gram code means embodied in the medium for causing 
processing of a packet, the computer usable medium com- 
prising: 

computer readable program code means for causing a 
router to specify a chain of function elements, each 
element capable of performing an operation on a 
packet, the chain being associated with an interface and 
a protocol; 

computer readable program code means for causing a 
router to process the packet by walking through the 
elements of the chain; 

computer readable program code means for receiving an 
incoming packet at a first interface, the packet being 
encapsulated according to a first protocol, wherein 
processing of the packet is performed by a decapsula- 
tion chain associated with the first interface and with 
the first protocol; 

computer readable program code means for passing, upon 
completion of processing by the decapsulation chain, 
the packet to and processing it in an encapsulation 
chain associated with a second interface and a second 
protocol; and 
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computer readable program code means for transmitting 

the processed packet from the second interface. 
32. An article of manufacture for use in a computer 
network router, the article of manufacture comprising a 
computer usable medium having computer readable pro- 
gram code means embodied in the medium, said program 
code means of causing processing of a packet, the program 
code means including: 

computer readable program code means embodied in said 
computer useable medium for causing a router to 
specify a chain of function elements, each element 
capable of performing an operation on a packet, the 
chain being associated with an interface and a protocol; 
computer readable program code means embodied in said 
computer useable medium for causing a router to 
process the packet by walking through the elements of 
the chain; 

computer readable program code means embodied in said 
computer useable medium for receiving an incoming 
packet at a first interface, the packet being encapsulated 
according to a first protocol, wherein processing of the 
packet is performed by a decapsulation chain associ- 
ated with the first interface and with the first protocol; 

computer readable program code means embodied in said 
computer useable medium for passing, upon comple- 
tion of processing by the decapsulation chain, the 
packet to and processing it in an encapsulation chain 
associated with a second interface and a second proto- 
col; and 

computer readable program code means embodied in said 
computer useable medium for transmitting the pro- 
cessed packet from the second interface. 
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